KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

Gaurav Jain <gaurav.jain@xxxxxxx> · Wed, 22 Dec 2021 10:23:42 +0000

Hi
Kernel Support for KTLS:

kernel version is 5.15

CONFIG_TLS=y

CONFIG_TLS_DEVICE=y

CONFIG_CRYPTO_TLS=y

Openssl:

$ ./ Configure enable-ktls linux-aarch64

$ make

Server

$ ./openssl version

OpenSSL 3.0.2-dev 14 Dec 2021 (Library: OpenSSL 3.0.0 7 sep 2021)

$ ./openssl s_server -key rsa.key -cert server.pem -accept 443

error

file: crypto/bio/bio_sock2.c

function: BIO_socket()

ktls_enable(sock); failed with ENOTCONN error

setsockopt failed, 107, Transport endpoint is not connected

server logs( added some debug logs)

root@imx8mmevk:~# ./openssl s_server -key rsa.key -cert server.pem -accept 443

sk->sk_state != TCP_ESTABLISHED (log added in kernel net/tls/tls_main.c)

sk->sk_state != TCP_ESTABLISHED

BIO_socket sock_family = 10, sock_type = 1, sock_protocol = 6, return = 3

setsockopt failed, 107, Transport endpoint is not connected

BIO_socket, ktls_enable(asock) = 0

ACCEPT

setsockopt failed, 17, File exists

BIO_new_socket, ktls_enable(s) = 0

-----BEGIN SSL SESSION PARAMETERS-----

MF8CAQECAgMDBALAMAQABDAC9MHCSSlLXrS0D8tq2hCZtW0vmB1EC6HQerBThuev

PdX7VOUnD1a2bybdw1LfEiqhBgIEYcLciaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB

HQ==

-----END SSL SESSION PARAMETERS-----

Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384

Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512

Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512

Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2

Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1

Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1

CIPHER is ECDHE-RSA-AES256-GCM-SHA384

Secure Renegotiation IS supported

Using Kernel TLS for sending fail

Using Kernel TLS for receiving fail

Regards

Gaurav Jain